Upgrade/Downgrade Considerations

Upgrade/downgrade considerations for SD-WAN Plugin 2.1 and 2.0.
The following tables list the features that have upgrade or downgrade impact. Make sure you understand all upgrade and downgrade considerations before you upgrade to or downgrade from an SD-WAN plugin 2.1 or 2.0 release. For additional information about the SD-WAN plugin releases, refer to the PAN-OS 10.1 Release Notes and PAN-OS 10.0 Release Notes.
SD-WAN Plugin 2.1 Upgrade/Downgrade Considerations
Feature | Upgrade Considerations | Downgrade Considerations
To upgrade from SD-WAN Plugin 2.0.x to 2.1.0, complete the following steps during a maintenance timeframe:
  1. Upgrade to SD-WAN Plugin 2.1.0.
  2. Make a small configuration change of your choice in the SD-WAN cluster configuration. For example, change the SD-WAN hub priority and change it back.
  3. Issue a local Panorama Commit.
  4. Push the configuration to all devices in the VPN cluster at once. On the Push Scope Selection, select Force Template Values.
  5. Reboot all SD-WAN hubs. If the hubs are an HA pair, follow the HA reboot procedure.
Downgrade Considerations: None
SD-WAN Plugin 2.0 Upgrade/Downgrade Considerations
Feature | Upgrade Considerations | Downgrade Considerations
To upgrade from SD-WAN Plugin 2.0.x to 2.0.3, complete the following steps during a maintenance timeframe:
  1. Upgrade to SD-WAN Plugin 2.0.3.
  2. Make a small configuration change of your choice in the SD-WAN cluster configuration. For example, change the SD-WAN hub priority and change it back.
  3. Issue a local Panorama Commit.
  4. Push the configuration to all devices in the VPN cluster at once. On the Push Scope Selection, select Force Template Values.
  5. Reboot all SD-WAN hubs. If the hubs are an HA pair, follow the HA reboot procedure.
Downgrade Considerations: None
Downgrading the Panorama management server and managed firewalls that currently leverage features that were introduced in PAN-OS 10.0.3 (or later version) or SD-WAN plugin 2.0.1 (or later version) can cause stability issues if you downgrade from the following versions:
  • PAN-OS 10.0.3 or a later version to PAN-OS 10.0.2 or an earlier release with SD-WAN plugin 2.0.1 or later version installed.
  • SD-WAN plugin version 2.0.1 or a later version to SD-WAN plugin 2.0.0.
Workaround: Before you upgrade to PAN-OS 10.0.3 or SD-WAN plugin 2.0.1, save and export your Panorama and firewall configurations. Then, if you need to downgrade PAN-OS or the SD-WAN plugin to a previous version:
  1. Downgrade the PAN-OS or SD-WAN plugin version on Panorama and managed firewalls.
  2. Select Panorama > Setup > Operations and Import named Panorama configuration snapshot.
  3. Load named Panorama configuration snapshot.
  4. Commit and Push.
If you did not export and save a Panorama and managed firewall configuration prior to upgrading to PAN-OS 10.0.3 or SD-WAN plugin 2.0.1, then, before you can successfully downgrade to PAN-OS 10.0.2 (or an earlier version) or SD-WAN plugin 2.0.0, you must remove any feature options or configurations that were introduced in PAN-OS 10.0.3 or in SD-WAN plugin 2.0.1.
Remove Private AS
Upgrade Considerations: None
Downgrade Considerations: If you change the Remove Private AS setting, commit to all SD-WAN cluster nodes, and subsequently downgrade to an SD-WAN Plugin version earlier than 2.0.2, then all configuration related to Remove Private AS must be done outside of the SD-WAN plugin or directly on the firewalls.
Full Mesh and DDNS
Upgrade Considerations: None
Downgrade Considerations: If you downgrade from SD-WAN Plugin 2.0.1 to an earlier plugin version, the VPN Cluster will not support a mesh configuration or a DDNS configuration. If you had configured a VPN mesh configuration, then you must move the cluster to a Hub-Spoke configuration, configure a hub if you didn't have one, Remove DDNS Configuration, commit on Panorama, and then push the configuration to your firewalls. If you cannot change the VPN cluster to a Hub-Spoke configuration, then you must delete the entire cluster, commit on Panorama, and then push the configuration to your firewalls before you downgrade.
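The SD-WAN Plugin 2.0 downgrade considerations above can be checked against a planned change before the maintenance window. The following is an added example, not Palo Alto Networks code. The function names, parameters and result codes are hypothetical, version strings are assumed to be in "x.y.z" form, and the Full Mesh and DDNS rule is applied to any source plugin version 2.0.1 or later (an assumption that goes beyond the single case stated above).

```python
# Added example: pre-downgrade check for the considerations listed on this page.
# All names and result codes are hypothetical; nothing here calls PAN-OS or Panorama.

def ver(s):
    """Parse 'x.y.z' into a tuple; a hotfix suffix such as '-h1' is ignored (assumption)."""
    return tuple(int(p) for p in s.split("-")[0].split("."))

def downgrade_check(panos_from, panos_to, plugin_from, plugin_to,
                    config_exported=False, remove_private_as_changed=False,
                    mesh_or_ddns=False):
    """Return the considerations from this page that apply to the planned change."""
    pf, pt = ver(panos_from), ver(panos_to)
    gf, gt = ver(plugin_from), ver(plugin_to)
    findings = []

    # Stability issue: PAN-OS 10.0.3+ -> 10.0.2 or earlier with plugin 2.0.1+
    # installed, or plugin 2.0.1+ -> plugin 2.0.0.
    panos_risk = pf >= (10, 0, 3) and pt <= (10, 0, 2) and gf >= (2, 0, 1)
    plugin_risk = gf >= (2, 0, 1) and gt == (2, 0, 0)
    if panos_risk or plugin_risk:
        # With a saved export: import and load the snapshot, then Commit and Push.
        # Without one: remove options introduced in 10.0.3 / 2.0.1 before downgrading.
        findings.append("RESTORE_SNAPSHOT" if config_exported else "REMOVE_NEW_FEATURES")

    # Remove Private AS: after a downgrade to a plugin earlier than 2.0.2, the
    # setting must be managed outside the plugin or directly on the firewalls.
    if remove_private_as_changed and gt < gf and gt < (2, 0, 2):
        findings.append("REMOVE_PRIVATE_AS_MANUAL")

    # Full Mesh and DDNS: not supported below plugin 2.0.1; move the cluster to
    # Hub-Spoke and remove DDNS (or delete the cluster) before downgrading.
    if mesh_or_ddns and gf >= (2, 0, 1) and gt < (2, 0, 1):
        findings.append("HUB_SPOKE_AND_REMOVE_DDNS")
    return findings

if __name__ == "__main__":
    # Constructed sample plan: plugin 2.0.3 -> 2.0.0, no exported configuration.
    for code in downgrade_check("10.0.4", "10.0.4", "2.0.3", "2.0.0",
                                remove_private_as_changed=True, mesh_or_ddns=True):
        print(code)
```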
